Hackers under the alias **Radiant** breached the **Kido nursery chain** by exploiting a third-party software provider (**Famly**), gaining unauthorized access to sensitive data. The attackers exfiltrated and published **profiles of 20 children** online, including **names, genders, dates of birth, birthplaces, family contact details, and nursery photographs**. Additionally, **private data of dozens of employees** (names, addresses, National Insurance numbers, and contact details) was leaked. The criminals demanded a ransom, threatening to release more children’s data if unpaid. Parents reported receiving **direct threatening calls** from the hackers, pressuring them to urge Kido into compliance. The breach exposed highly personal information of **minors and staff**, raising severe concerns over identity theft, fraud, and long-term privacy risks. While the software vendor (**Famly**) confirmed no breach in their own systems, the incident highlights critical vulnerabilities in supply-chain security within childcare sectors. Authorities, including the **Met Police**, are investigating, but the psychological and reputational damage to families and the nursery remains substantial.
Source: https://www.bbc.com/news/articles/c07vxv8v89lo
TPRM report: https://www.rankiteo.com/company/kidoed
"id": "kid2710827110425",
"linkid": "kidoed",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'thousands of children and '
'families (exact number '
'undisclosed)',
'industry': 'education/childcare',
'location': 'UK (including Tooting, London)',
'name': 'Kido nursery chain',
'type': 'private childcare provider'},
{'customers_affected': 'Kido nursery chain (no other '
'customers reported affected)',
'industry': 'education technology',
'name': 'Famly',
'size': 'serves over 1 million users (owners, '
'managers, practitioners, families)',
'type': 'software provider'}],
'attack_vector': ['third-party software vulnerability (Famly)',
'social engineering (threatening calls to parents)'],
'customer_advisories': 'parents informed of breach and threatening calls',
'data_breach': {'data_exfiltration': 'yes (published on dark web)',
'file_types_exposed': ["images (children's photos)",
'text records (names, addresses, dates '
'of birth, contact details)'],
'number_of_records_exposed': "at least 20 children's profiles "
'published; dozens of employee '
'records; total breach scale '
"undisclosed ('thousands' "
'mentioned)',
'personally_identifiable_information': 'yes (children: names, '
'genders, DOB, '
'birthplace, family '
'details, photos; '
'employees: names, '
'addresses, national '
'insurance numbers, '
'contact details)',
'sensitivity_of_data': "high (children's PII, family details, "
'employee NI numbers)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
"children's profiles",
'employee records']},
'date_publicly_disclosed': '2025-09-26',
'description': "Hackers calling themselves 'Radiant' breached the Kido "
'nursery chain and its software provider, Famly, stealing and '
'threatening to publish private data of thousands of nursery '
'children and their families unless a ransom is paid. The '
'criminals have already posted profiles of 20 children and '
'private data of dozens of employees online. The breach '
'occurred via Famly, a widely used childcare management '
'software, though Famly claims its own infrastructure was not '
'compromised. Parents have reported receiving threatening '
'calls from the hackers, demanding pressure on Kido to pay the '
'ransom. The Met Police are investigating the incident.',
'impact': {'brand_reputation_impact': 'severe (public outrage, media coverage '
"of 'barbaric' targeting of children)",
'customer_complaints': 'reported by parents (e.g., threatening '
'calls, concerns over dark web exposure)',
'data_compromised': ["children's profiles (names, genders, dates "
'of birth, birthplaces, photos, family '
'details, contact information)',
'employee data (names, addresses, national '
'insurance numbers, contact details)'],
'identity_theft_risk': "high (children's and employees' PII "
'exposed)',
'operational_impact': 'reputational damage, parental distress, '
'potential legal liabilities',
'systems_affected': ['Famly software (third-party)',
'Kido nursery chain databases']},
'initial_access_broker': {'data_sold_on_dark_web': 'yes (published '
'incrementally as '
'extortion tactic)',
'entry_point': 'Famly software (third-party vendor)',
'high_value_targets': "children's PII and employee "
'data'},
'investigation_status': 'ongoing (Met Police investigating)',
'motivation': 'financial gain (ransom extortion)',
'ransomware': {'data_exfiltration': 'yes (data stolen and published '
'incrementally)',
'ransom_demanded': 'unspecified (threatened publication of '
'data unless paid)',
'ransom_paid': 'no (as of report)'},
'references': [{'date_accessed': '2025-09-26', 'source': 'BBC News'},
{'date_accessed': '2025-09-26',
'source': 'BBC Radio 4 Today Programme'}],
'response': {'communication_strategy': ['internal advisories to parents '
'(e.g., breach notification)',
'media statements via Famly CEO'],
'incident_response_plan_activated': 'yes (working with '
'authorities)',
'law_enforcement_notified': 'yes (Met Police)',
'third_party_assistance': ['Met Police (investigation)',
'Famly (software provider, though '
'claims no breach of its systems)']},
'stakeholder_advisories': 'parents notified; media statements by Famly CEO '
'(Anders Laustsen)',
'threat_actor': 'Radiant (hacker group)',
'title': "Nursery hackers threaten to publish more children's profiles online",
'type': ['data breach', 'ransomware', 'extortion']}